1 / 44

Risk Management With Customer Focus

Kevin Beard. Risk Management With Customer Focus. Introduction To Risk . Discuss Risk/QMS Relationship Concepts Introduction to Risk/QMS in AS9100c Additional & Sanctioned Training to Be Provided By OPMT Case Studies & Audience Participation. Introduction To Risk.

paul2
Download Presentation

Risk Management With Customer Focus

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Kevin Beard Risk Management With Customer Focus

  2. Introduction To Risk • Discuss Risk/QMS Relationship Concepts • Introduction to Risk/QMS in AS9100c • Additional & Sanctioned Training to Be Provided By OPMT • Case Studies & Audience Participation

  3. Introduction To Risk • How Do We Currently View Risk In AS9100b • Customer Requirements • Other Parts of Std.??? • How Many Have Read AS9100c • What Do We See As The Difference • Structure?? • New Individual Requirements?? • Underlying Concept that Applies Across the Standard?? • Why Are We Discussing Risk Today • Complex Concept • Difficult to Understand • Difficult to Explain to Customers • Therefore, Difficult to Audit

  4. What is Risk? • A risk is a potential future event that could result in adverse and unplanned consequences. • A risk is NOT a Problem, an Issue, or a Crisis! • Riskis a measure of the potential inability to achieve overall program objectives within defined cost, schedule and technical constraints. (Reference: Risk Mgt Guide for DoD Acquisition, 4th Edition, June 2003)

  5. What is Risk? Product & Technical Risks Risk Management Processes Risk Mitigation Behaviors within a process

  6. What is Risk? Product & Technical Risks Risk Management Processes Risk Mitigation Behaviors within a process

  7. Risk Management Processes • Risk Planning • The step of developing and documenting comprehensive and interactive strategies and methods for identifying and tracking risk areas, training, developing risk mitigation plans, performing risk assessments to determine how risks have changed, and planning/obtaining adequate resources. • Risk Identification • The step of discovering and defining all risks inherent in your program or project. • Risk Assessment • The process of analyzing and prioritizing program and process risks against cost, schedule and/or performance criteria. • Risk Handling • The step that identifies, evaluates, selects, and implements actions in order to reduce risk likelihood or consequence to an acceptable level. • Risk Monitoring • The step that systematically tracks and evaluates the performance of Risk Handling actions against established metrics throughout the acquisition process.

  8. The Risk Management Process - Risk PDCA -

  9. What is Risk? Product & Technical Risks Risk Management Processes Risk Mitigation Behaviors within a process

  10. Product & Technical Risks • Complexity of Design • Criticality of Product for End Use • New or Unproven Process or Technology • Organizational Capability to Design or Build Product • New or Unproven Process to Organization • New Technology to Company • Items or Requirements That are Candidates for Risk Management Processes • Others??

  11. What is Risk? Product & Technical Risks Risk Management Processes Risk Mitigation Behaviors within a process

  12. Risk Based Decisions & Behaviors • Identification • Discovering and defining all risks inherent in your program, project, process, or task. • Communication • Communicating Risks to all Relevant Individuals and Processes • Risk Understanding • Understanding the Risks and How they affect your Function or Process • Decision Making (Risk Based) • Making Choices on application of ‘Individual Options’ and ‘Process Options’ • Risk Behaviors • Knowledge of Identified Risks • Knowledge of Process Options • Application of Identified Risk Topics to ‘Process Options’

  13. Requirements & Risk Based Decisions How Communicated • Operational Options that Need Risk Oriented Decisions associated with Critical Requirements • Design Approach • V&V Approach • Monitor & Insp. Approach • Supplier Oversight Where Identified What Decisions RFQ Proposal Contract Design Manufact. Integrate Product Delivery Monitoring and Inspection Activities Communication of Supplier Requirements -Key Characteristics- Purchasing Suppliers All Requirements are not created equal

  14. AS 9100 – 3.1 Terms and Definitions Risk - An undesirable situation or circumstance that has both a likelihood of occurring and a potentially negative consequence.

  15. Variable Risk Application Approach Varying Applicability to Different Functions Risk Processes…..‘appropriate to the product and the organization’ (7.1.2) How Does Risk Approach Vary? • Organizational Application of Risk Can Vary Based on Situation, Customer, Product Line, etc. • Audit Approach & Questioning Will Need to Vary Also.

  16. Theory Applied Product & Technical Risks Risk Management Processes Risk Mitigation Behaviors within a process

  17. AS 9100 – 7.1.2 Risk Management The organization shall establish, implement and maintain a process for managing risk to the achievement of applicable requirements, that includes as appropriate to the organization and the product a) assignment of responsibilities for risk management, b) definition of risk criteria (e.g., likelihood, consequences, risk acceptance), c) identification, assessment and communication of risks throughout product realization, d) identification, implementation and management of actions to mitigate risks that exceed the defined risk acceptance criteria, and e) acceptance of risks remaining after implementation of mitigating actions. Processes Behaviors

  18. Risk Impacts – P.P.P. 7.1.2 Risk Management c) identification, assessment and communication of risks throughout product realization, d) identification, implementation and management of actions to mitigate risks that exceed the defined risk acceptance criteria,

  19. AS 9100 – 7.1.2 Risk Management 7.2.2 Review of requirements related to the product e) risks (e.g., new technology, short delivery time frame) have been identified (see 7.1.2). 7.4.1 Purchasing process f) determine and manage the risk when selecting and using suppliers (see 7.1.2). 8.5.3 Preventive action NOTE Examples of preventive action opportunities include risk management, error proofing, failure mode and effect analysis (FMEA), and information on product problems reported by external sources. 8.2.4 When the organization uses sampling inspection as a means of product acceptance, the sampling plan shall be justified on the basis of recognized statistical principles and appropriate for use (i.e., matching the sampling plan to the criticality of the product and to the process capability).

  20. AS 9100 – 7.1.2 Risk Management • Does Risk Apply in Other Parts of the AS9100 Standard • Explicit? • Implied? • How does this apply throughout the AS9100 standard • Processes? • Decisions/Behaviors? • 4.1 General Management System Requirements • 7.1 Product Realization Planning • 7.3 Design & Development Lifecycle Processes • 7.5 Production & Service Provision • 8.1 Measurement, Analysis & Improvement

  21. Potential Impacts – Large Companies Varying Applicability to Different Functions Risk Processes…..‘appropriate to the product and the organization’ (7.1.2) How Do Risk Responsibilities Vary? • Program – Cost, Schedule, Technical • Engineering – Design, Technology Capability, Others • Supplier Management – Supplier Capability, Cust/Supplier Interface, Others • S&MA – Independent Oversight (Processes, Suppliers, Etc.), Others • Individuals – Application of Risk to Option Decisions

  22. Potential Impacts – Small Companies Varying Applicability to Different Functions Risk Processes…..‘appropriate to the product and the organization’ (7.1.2) How Do Risk Responsibilities Vary? • Sales & Contracts – Understanding of User Needs/Requirements & Comparison of User Needs To Organizational Capabilities • Production Planner – Applying “Appropriate” Methods Associated with Risk to Meeting User Needs & Requirements • Purchasing – Vendor Capability, Risk/Criticality Communication, Others • Manufacturing – Applying “Appropriate” Methods • Inspector – Independent Verification • Individuals – Application of Risk to Option Decisions

  23. Risk Case Studies • What Have We Covered? • General Discussion on Risk Theories • Relationship to AS9100c Standard • Time to put your Auditor Hats Back On • Case Studies • Risk Associated With Product • Risk Associated With Processes • Risk Associated With People

  24. Product Risk in Lower Tier Organizations In Your Pre-Audit Planning, You Find that the Organization’s Customer provided the Organization with a PO on a very challenging task that includes providing a product that is more complicated than other products previously manufactured. • What Additional Questions Would You Pursue in Pre-Audit Discussions • Who Has Risk Management Responsibility for this Scenario (7.1.2 a&b) • Area Where Risks Might Be Identified (7.1.2 c) • Create an Audit Plan. (What Are the Areas of Focus, Including Customer Risk Expectations) • How Are Risks Communicated (7.1.2 c) • What Risk Mitigation/Decisions are Made (How Documented) (7.1.2 d) • Onsite Audit • Types of Questions You Would Pursue • Types of Issues/Findings That May Develop

  25. ProcessRisk in Lower Tier Organizations In Your Pre-Audit Planning, You Find that the Organization’s Customer provides the organization with a PO that includes a task that you do not have the capability for. You outsource this task to a vendor that you have never used before. • What Additional Questions Would You Pursue in Pre-Audit Discussions • Who Has Risk Management Responsibility for this Scenario (7.1.2 a&b) • Area Where Risks Might Be Identified (7.1.2 c) • Create an Audit Plan. (What Are the Areas of Focus, Including Customer Risk Expectations) • How Are Risks Communicated (7.1.2 c) • What Risk Mitigation/Decisions are Made (How Documented) (7.1.2 d) • Onsite Audit • Types of Questions You Would Pursue • Types of Issues/Findings That May Develop

  26. People Risk in Lower Tier Organizations In Your Pre-Audit Planning, You Find that the Organization’s Customer transferred a large contract to this organization. The organization had to increase your workforce by 20% and add shift work. In your last audit your recall that the Organization was Working at/near capacity. • What Additional Questions Would You Pursue in Pre-Audit Discussions • Who Has Risk Management Responsibility for this Scenario (7.1.2 a&b) • Area Where Risks Might Be Identified (7.1.2 c) • Create an Audit Plan. (What Are the Areas of Focus, Including Customer Risk Expectations) • How Are Risks Communicated (7.1.2 c) • What Risk Mitigation/Decisions are Made (How Documented) (7.1.2 d) • Onsite Audit • Types of Questions You Would Pursue • Types of Issues/Findings That May Develop

  27. Theory Applied Product & Technical Risks Risk Management Processes Risk Mitigation Behaviors within a process

  28. Special What??? Characteristic Key Critical Requirement Items Special

  29. 3 Terms and Definitions 3.2 Special requirements Those requirements identified by the customer, or determined by the organization, which have high risks to being achieved thus, requiring their inclusion in the risk management process. Factors used in the determination of special requirements include product or process complexity, past experience and product or process maturity. Examples of special requirements include performance requirements imposed by the customer that are at the limit of the industry’s capability, or requirements determined by the organization to be at the limit of their technical or process capabilities.

  30. 3 Terms and Definitions 3.3 Critical items Those items (e.g., functions, parts, software, characteristics, processes) having significant effect on the product realization and use of the product; including safety, performance, form, fit, function, producibility, service life, etc.; that require specific actions to ensure they are adequately managed. Examples of critical items include safety critical items, fracture critical items, mission critical items, key characteristics, etc.

  31. 3 Terms and Definitions 3.4 Key characteristic An attribute or feature whose variation has a significant effect on product fit, form, function, performance, service life or producibility, that requires specific actions for the purpose of controlling variation. NOTE Special requirements and critical items are new terms and, along with key characteristics, are interrelated. • Special requirements are identified when determining requirements related to the product (see 7.2.1). • Special requirements may then require the identification of critical items. • Design output (see 7.3.3) may then include identification of critical items that require specific actions to ensure they are adequately managed. • Some critical items will be further classified as key characteristics because their variation needs to be controlled.

  32. Special Requirements, Critical Items & Key Characteristics • Key Characteristics Simplified • Communication of Criticality Between Engineering & Production • In House Production or Outsourced Production • Special Requirements & Critical Items Simplified • Communication of Criticality Between • Customer & Organization (SR) • Engineering & Engineering (CI) • In House Engineering or Outsourced Engineering • Common Expectations • Consideration for Use of More Rigorous Controls in Process • Risk Based Approach to Identification, Analysis and Communication of Customer and Product Requirements

  33. Special Requirements, Critical Items & Key Characteristics • Communication & Understanding of Risks • Risk Based Decisions and Actions in Individual Processes • Operational Options that Need Risk Oriented Decisions associated with Special Requirements • Design Approach • V&V Approach • Monitor & Insp. Approach • Supplier Oversight Identification of Critical Items & Key Characteristics Identification of Special Requirements RFQ Proposal Contract Design Manufact. Integrate Product Delivery Monitoring and Inspection Activities Communication of Supplier Requirements -Key Characteristics- Purchasing Suppliers All Requirements are not created equal

  34. 7.1 Planning of Product Realization 7.1 Planning of product realization The organization shall plan and develop the processes needed for product realization. Planning of product realization shall be consistent with the requirements of the other processes of the quality management system (see 4.1). In planning product realization, the organization shall determine the following, as appropriate: a) quality objectives and requirements for the product; NOTE Quality objectives and requirementsfor the product include consideration of aspects such as − product and personal safety, − reliability, availability and maintainability, − producibility and inspectability, − suitability of parts and materials used in the product, − selection and development of the software that contributes to the function of the product, and − recycling or final disposal of the product at the end of its life. f) configuration management appropriate to the product, its context and environment; g) the identification of resources to support the use and maintenance of product. The output of this planning shall be in a form suitable for the organization's method of operations. Identification & Communication

  35. 7.2.2 Review of Requirements Related to Product 7.2.1 Determination of requirements related to the product The organization shall determine a) requirements specified by the customer……. b) requirements not stated by the customer but necessary for specified or intended use, where known, c) statutory and regulatory requirements applicable to the product, and d) any additional requirements considered necessary by the organization. NOTE Requirements related to the product can include Special Requirements 7.2.2 Review of requirements related to the product The organization shall review the requirements related to the product. This review shall be conducted prior to the organization's commitment to supply a product to the customer …… and shall ensure that a) product requirements are defined, c) the organization has the ability to meet the defined requirements, d) special requirements of the product are determined, and e) risks (e.g., new technology, short delivery time frame) have been identified (see 7.1.2). Under- standing Identification & Communication

  36. 7.3.1 Design and Development Planning 7.3.1 Design and development planning Where appropriate, the organization shall divide the design and development effort into distinct activities and, for each activity, define the tasks, necessary resources, responsibilities, design content, input and output data and planning constraints. The different design and development tasks to be carried out shall be based on the safety and functional objectives of the product in accordance with customer, statutory and regulatory requirements. Under- standing

  37. Design and Development Outputs & Verification/Validation 7.3.3 Design and development outputs The outputs of design and development shall be in a form suitable for verification against the design and development input and shall be approved prior to release. Design and development outputs shall e) specify, as applicable, any critical items, including any key characteristics, and specific actions to be taken for these items. 7.3.6 Design and development validation Design and development validation shall be performed in accordance with planned arrangements (see 7.3.1) to ensure that the resulting product is capable of meeting the requirements for the specified application or intended use, where known. 7.3.6.2 Design and/or development verification and validation documentation At the completion of design and/or development, the organization shall ensure that reports, calculations, test results, etc., demonstrate that the product definition meets the specification requirements for all identified operational conditions. (7.1.2.e – Acceptance of Risk) Identification & Communication Decision Decision

  38. 7.5.1 Control of Production and Service Provision 7.4.2 Purchasing information Purchasing information shall describe the product to be purchased, including where appropriate e) requirements for design, test, inspection, verification, use of statistical techniques for product acceptance, and related instructions for acceptance by the organization, and as applicable critical items including key characteristics, 7.5.1 Control of production and service provision Planning shall consider, as appropriate − establishing, implementing and maintaining appropriate processes to manage critical items, including process controls where key characteristics have been identified, 8.2.4 Monitoring and measurement of product When critical items, including key characteristics, have been identified the organization shall ensure they are controlled and monitored in accordance with the established processes. Identification & Communication Decision Decision

  39. SR/CI Case Studies • What Have We Covered? • General Discussion on SR/CI Theories • Relationship to AS9100c Standard • Time to put your Auditor Hats Back On • Case Study • SR/CI - Space

  40. Risk Processes • Program plans • Structured Independence Processes • Mission Assurance Plan (MAP) • Defining of risk controls Products • Product Meets Requirements • Reliability program requirements • Critical items control & management • Mission/Product Assurance • Processing induced hazards Behaviors • Risk Identification • Analysis & Prioritization • Elevation of risk (communication) • Mitigation Decision Making • Human factors skill / training AS9100 Standard • Realization Process Risk Planning • Contracts • Design • Procurement • Manufacturing • Inspection

  41. Risk Management Processes • To Much QMS Focus on • Compliance To QMS Requirements • Cost & Schedule • Need Additional Focus on Risk & Risk Based Decisions • Process • Product • Why do we think this change to the standard was made?

  42. Potential Impacts To Organizations Processes • Program Management • Engineering • Purchasing • Supplier Management • S&MA • Others Procedures • Project & Design Lifecycles • Procurement • S&MA, SR&QA, Product Assurance, Etc. People • Identification and Communication of Risk • Understanding Options Within Processes, and Associated Decision Options • Application of Risk in Decision Making Process

  43. Challenges (i.e. Implementation Risks) • CBs & Auditors • Understanding the Varied Potential Applications of Risk in a QMS, Process, or Product lifecycle • Educate Yourselves on the Broadness of Risk Applicability in a QMS • Develop Sensible But Meaningful Approaches to Auditing Risk • Plan for a Successful Role out of a Risk Audit Approach • Communicate with Audit Staff & Other Affected Parties • Communicate with Your Customers on • Applicability of Risk within their QMS • Balanced Application of Cost, Schedule & Risk within an Organizations QMS. • Ensuring Processes Identify and Communicate Risks & Appropriated Decisions are Made to Ensure that Risks are Handled • Ensure Consistency to Mitigate Confusion • Not Covered in This Presentation • Risk & Project Management • Risk & Configuration Management

  44. Questions ?? Characteristic Key Critical Requirement Items Special Risk

More Related